How This Book Is Organized
This book has five parts, which provide a Cisco ASA product overview and then focus on firewalls, intrusion prevention, VPNs, and Adaptive Security Device Manager (ASDM). Each part comprises many sample configurations, accompanied by in-depth analyses of design scenarios. Your learning is further enhanced by a discussion of a set of debugs included in each technology. Ground-breaking features, such as WebVPN and virtual and Layer 2 firewalls, are discussed extensively.
Part I, "Product Overview," includes the following chapters:
- Chapter 1, "Introduction to Network Security": This chapter provides an overview of different technologies that are supported by Cisco ASA and widely used by today's network security professionals.
- Chapter 2, "Product History": Historically, Cisco PIX security appliances, the Cisco IOS Advanced Security Feature Set, and the security services modules for Cisco Catalyst 6500 Series Switches have provided integrated security solutions to small and large organizations. As described in this chapter, Cisco ASA incorporates features from each of these products, integrating comprehensive firewall, intrusion detection and prevention, and VPN technologies in a cost-effective, single-box format.
- Chapter 3, "Hardware Overview": This chapter provides a hardware overview of Cisco ASA, including detailed technical specifications and installation guidelines. It also covers an overview of the Adaptive Inspection and Prevention Security Services Module (AIP-SSM).
Part II, "Firewall Solution," includes the following chapters:
- Chapter 4, "Initial Setup and System Maintenance": A comprehensive list of initial setup tasks and system maintenance procedures is included in this chapter. These tasks and procedures are intended to be used by network professionals who will be installing, configuring, and managing Cisco ASA.
- Chapter 5, "Network Access Control": Cisco ASA can protect one or more networks from intruders. Connections between these networks can be carefully controlled by advanced firewall capabilities, enabling you to ensure that all traffic from and to the protected networks passes only through the firewall based on the organization's security policy. This chapter shows you how to implement your organization's security policy using the features that Cisco ASA provides.
- Chapter 6, "IP Routing": This chapter covers the different routing capabilities of Cisco ASA.
- Chapter 7, "Authentication, Authorization, and Accounting (AAA)": Cisco ASA supports a wide range of AAA features. This chapter provides guidelines on how to configure AAA services by defining a list of authentication methods applied to various implementations.
- Chapter 8, "Application Inspection": Cisco ASA stateful application inspection helps to secure the use of applications and services in your network. This chapter describes how to use and configure application inspection.
- Chapter 9, "Security Contexts": The Cisco ASA virtual firewall feature introduces the concept of operating multiple instances of firewalls (contexts) within the same hardware platform. This chapter shows how to configure and troubleshoot each of these security contexts.
- Chapter 10, "Transparent Firewalls": This chapter introduces the transparent (Layer 2) firewall model within Cisco ASA. It explains how users can configure Cisco ASA in transparent single mode and multiple mode while accommodating their security needs.
- Chapter 11, "Failover and Redundancy": This chapter discusses the different redundancy and failover mechanisms that Cisco ASA provides. It includes not only the overview and configuration, but also detailed troubleshooting procedures.
- Chapter 12, "Quality of Service": QoS is a network feature that lets you give priority to certain types of traffic. This chapter covers how to configure and troubleshoot QoS in Cisco ASA.
Part III, "Intrusion Prevention System (IPS) Solution," includes the following chapters:
- Chapter 13, "Intrusion Prevention System Integration": Intrusion detection and prevention systems provide a level of protection beyond the firewall by securing the network against internal and external attacks and threats. This chapter describes the integration of Intrusion Prevention System (IPS) features within Cisco ASA.
- Chapter 14, "Configuring and Troubleshooting Cisco IPS Software via the CLI": This chapter provides expert guidance on how to configure the AIP-SSM IPS software via its command-line interface (CLI). Troubleshooting scenarios are also included to enhance learning.
Part IV, "Virtual Private Network (VPN) Solution," includes the following chapters:
- Chapter 15, "Site-to-Site IPSec VPNs": Cisco ASA supports IPSec VPN features that allow you to connect networks in different geographic locations. This chapter provides configuration and troubleshooting guidelines to successfully deploy site-to-site IPSec VPNs.
- Chapter 16, "Remote Access VPNs": This chapter discusses many different remote-access VPN solutions that are supported on Cisco ASA. A large number of sample configurations and troubleshooting scenarios are provided.
- Chapter 17, "Public Key Infrastructure (PKI)": This chapter starts by introducing PKI concepts. It then covers the configuration and troubleshooting of PKI in Cisco ASA.
Part V, "Adaptive Security Device Manager," includes the following chapters:
- Chapter 18, "Introduction to ASDM": This chapter introduces the Cisco ASA GUI, the Adaptive Security Device Manager (ASDM).
- Chapter 19, "Firewall Management Using ASDM": This chapter guides you on how to configure and manage firewall features using ASDM.
- Chapter 20, "IPS Management Using ASDM": This chapter shows you how to configure and manage IPS features using ASDM.
- Chapter 21, "VPN Management Using ASDM": The configuration and management of remote-access and site-to-site VPNs using ASDM are covered in this chapter.
- Chapter 22, "Case Studies": In this chapter, you gain greater insight into how the implementation of Cisco ASA advanced features can benefit your organization. Several sample configurations and deployment scenarios are covered in detail.